TrystanLea
commented
3 years ago Hello @shadowguardian507-irl
Thanks a lot for this, sorry its taken me almost a year to review! I think using real_escape_string is too permissive, I wanted to restrict the possible characters more strictly. I've modified the regex to similar to other emoncms modules:
$group_name = preg_replace('/[^\p{N}\p{L}_\-:]/u', '', $group_name);This seems to be working fine.
Thanks for the pointers and comments with your pull request it helped a lot to understand the issue!
I have refactored the code to use the formal php mysql string sanitisation functions and removed the broken regex expressions that were blocking successful creation and edit of groups (group would be made but would be called null with a null description as the regex seemingly blocked all strings of any type)
I have tested this on an emonpi unit and it is working ok in regards to groups.
there are still related problems though see issue https://github.com/emoncms/group/issues/63